malquery

MalQuery examples

The examples in this folder focus on leveraging CrowdStrike's MalQuery API to perform threat hunting operations.

Search and Download samples from MalQuery

Downloads the number of samples you request from MalQuery that match the search value and pattern type you specify. The results are stored in a zip archive protected with the password `infected`.

> [!WARNING]
> Samples downloaded from MalQuery have been confirmed as malware. Handle with extreme caution.

Running the program

In order to run this demonstration, you will need access to CrowdStrike API keys with the following scopes:

| Service Collection | Scope       |
|--------------------|-------------|
| MalQuery           | READ, WRITE |

Execution syntax

This example accepts the following input parameters.

| Parameter        | Purpose                                                                              |
|------------------|--------------------------------------------------------------------------------------|
| `-t`, `--type`     | Type of pattern for the query. Select from `ASCII`, `HEX`, or `WIDE`. Defaults to `ASCII`. |
| `-v`, `--value`    | The value for MalQuery to search for.                                                |
| `-f`, `--file`     | Filename to save the downloaded samples to. The file will be in zip format.           |
| `-e`, `--examples` | Number of examples to download. Integer only.                                        |
| `-k`, `--key`      | Your CrowdStrike Falcon API Client ID.                                               |
| `-s`, `--secret`   | Your CrowdStrike Falcon API Client Secret.                                           |

Downloads 3 trickbot samples from MalQuery

Command-line help

Command-line help is available using the -h or --help parameters.

Example source code

The source code for this example can be found here.
